Mark O’Neill discusses API management
In recent weeks, the API market has exploded with multiple acquisitions in the API Management space, beginning with Axway’s acquisition of Vordel at the end of 2012.
More recently, Computer Associates acquired Layer 7, Intel acquired Mashery, and Mulesoft acquired ProgrammableWeb.
I believe this flurry of acquisitions is evidence of a maturing market where APIs are now seen as critical for the Enterprise and no longer the preserve of consumer-oriented services such as Facebook and Twitter. This piece explores what the recent consolidation means for enterprises and explains the importance of an API management strategy.
Let’s take a look at what APIs are. When we refer to APIs today we mean Web APIs, which use REST conventions over HTTP. Web APIs are now widely used for integration, especially to enable mobile applications. In summary, APIs are how mobile Apps communicate back to servers – this is how they get their data. For example, when a user is accessing a bank account via a mobile device, the banking transactions are not stored on the device; they are pulled down by an API as required.
Web APIs are the glue linking apps together. Today, APIs are such an important technology trend that new business models are developing on top of them. This is often referred to as “The API economy”. The API economy includes mobile apps developed on top of APIs, as well as new business enabled by APIs.
Open and Enterprise APIs
APIs divide broadly into two categories: Open APIs and Enterprise APIs. “Open APIs” are APIs which are available to any client, often hosted in the Cloud. Facebook, Twitter, and Google Maps are examples of open APIs. In contrast, “Enterprise APIs” run inside the enterprise and are not publicly available. Enterprise APIs typically handle confidential information and higher-value business transactions, and consequently require sophisticated levels of monitoring and reporting and a stricter level of regulatory control.
Organizations typically deploy APIs to enable mobile apps. This includes enabling Apps for employees and enabling Apps for the outside world for use by customers. In this way, Open and Enterprise APIs are used for similar purposes. Additionally, both Enterprise and Open APIs remove the requirement to deal directly with legacy systems, and use simple HTTP interfaces instead.
API Management Strategy
While the recent acquisitions have reinforced the value of API management, some confusion remains about what API management actually delivers. Within an enterprise, a security person may understand that API management means blocking threats, network operations may think it involves monitoring, and CIOs and CEOs may see it in terms of mobile enablement. In fact, API Management covers all of the areas mentioned.
API management is a critical part of any API strategy. While the security of APIs is vital, the API management strategy should also focus on equally important elements including monitoring, analytics, governance, custom reports, developer enablement and policy management. In summary, when implementing an API management strategy an enterprise should ensure the chosen solution provides sufficient levels of visibility and sophisticated diagnostic analysis of its APIs. Without effective API management, an organization’s APIs could potentially become sabotaged or compromised, damaging the brand’s reputation and exposing its users to potential criminal attack.
Alternatively, an organization can attempt to build its own API management infrastructure in an ad hoc approach. However, it may overlook important pieces of the process, such as monitoring, thus lacking full visibility into how the APIs are being used. Organizations that adopt a more structured approach to their API management strategy, via an API management platform, are at an advantage. They are often surprised to receive previously unavailable information, regarding how their APIs are being used, who uses them, and when they are used. For example, they can see trends over time, and see which clients are using their APIs (e.g. iPhone apps vs. Android apps).
Internet of Things
The importance of APIs will continue to grow, especially as the trend referred to as the “Internet of Things” gains prominence. The term "Internet of Things" (IoT) was coined approximately 15 years ago by RFID technology pioneer Kevin Ashton and refers to how Internet traffic is increasingly based on a system-to-system or an application-to-application approach as opposed to involving humans. Recently, Cisco CEO John Chambers estimated that the IoT market would generate up to $14 trillion in profits for the world’s economy.
While we’re at the early stages of broad IoT implementation, engineers today are linking objects as diverse as smartphones, cars, and household appliances to sensors, each other and the Internet. This growth coincides with another growth area: the growth of Web APIs for integration. Web APIs are the underlying technology enabling IoT. For example, a utility consumer can use a mobile app to view details about their energy usage and pricing, as well as view the temperature of their home, using information sent from their thermostat out to a Web API in the Cloud.
The danger of APIs becoming sabotaged or compromised is significant. For example, within the IoT context if a rogue user accessed an automotive firm’s API, the unauthorised person could have the ability to remotely unlock or lock a car – without the owner’s permission. To avoid this exposure, the organisation would need to have clear policies around who can access the API and define who has permission to remotely lock and unlock the car, using identity standards such as OAuth.
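The access policy described above can be sketched as a single decision function. This is an added example, not part of the original article or of any vendor's product. The scope names, the audience URL, the vehicle identifiers and the operator table are assumptions, and the token's signature is assumed to have been verified by the gateway before this check runs.

```python
import time

# Constructed sample data: which subjects may operate which vehicle.
# In a real deployment this comes from the account system, not a dict.
VEHICLE_OPERATORS = {
    "VIN-EXAMPLE-001": {"alice"},
    "VIN-EXAMPLE-002": {"bob", "carol"},
}

# Hypothetical scope names; OAuth leaves scope naming to the API owner.
REQUIRED_SCOPE = {"lock": "vehicle:lock", "unlock": "vehicle:unlock"}
EXPECTED_AUDIENCE = "https://api.example.invalid/vehicles"  # placeholder


def authorize(claims, action, vin, now=None):
    """Return (allowed, reason) for a remote lock/unlock request.

    `claims` are the claims of an access token whose signature the
    gateway has already verified (an assumption of this sketch).
    The reason string is meant for the audit log.
    """
    now = time.time() if now is None else now
    if action not in REQUIRED_SCOPE:
        return False, "unknown_action"
    if claims.get("exp", 0) <= now:
        return False, "token_expired"
    if claims.get("aud") != EXPECTED_AUDIENCE:
        return False, "wrong_audience"
    # OAuth scopes are a space-delimited list (RFC 6749, section 3.3).
    granted = set(claims.get("scope", "").split())
    if REQUIRED_SCOPE[action] not in granted:
        return False, "missing_scope"
    # Scope alone is not enough: the token's subject must be tied to
    # this particular vehicle, so a token issued to one owner cannot
    # operate another owner's car.
    if claims.get("sub") not in VEHICLE_OPERATORS.get(vin, set()):
        return False, "not_vehicle_operator"
    return True, "ok"
```

Logging the returned reason for every denied request gives the monitoring side of API management the data it needs to show who is attempting which operation on which vehicle.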
Adopt an API Management Strategy
In conclusion, it is clear APIs are part of business and are here to stay. I would encourage all organisations leveraging APIs to adopt an API management strategy aligned with their API deployments. If an organisation does not have an effective API management strategy, it lacks visibility into how its APIs are being used and therefore puts its business and its users at risk of data security breaches, privacy issues and ultimately a loss of business.
Mark O’Neill is a frequent speaker and blogger on APIs and security. He is the co-founder and CTO at Vordel, now part of Axway. In his new role as VP Innovation, he manages Axway’s Identity and API Management strategy. Vordel’s API Server enables enterprises to connect to Cloud and Mobile. Mark can be followed on his blog at www.soatotheCloud.com and on Twitter at @themarkoneill.